A recent hacking incident involving a firm that staffs U.S. hospitals' emergency departments with physicians serves as a reminder of tricky questions that can pop up when a vendor has a breach impacting patient data.
Some military health facilities haven't consistently implemented security controls, putting patient data at risk, according to a new watchdog agency report. But security experts say the weaknesses are quite common at civilian health facilities as well.
A former Massachusetts gynecologist has been convicted in a rare case involving a criminal HIPAA violation. The case was tied to providing a pharmaceutical salesperson access to patients' medical records.
Fitbit and Google say they are collaborating to accelerate innovation and "transform the future" of digital health and wearables, leveraging cloud computing. Some observers, however, say the partnership also raises privacy, security and patient safety questions.
Jan Koum, WhatsApp's co-founder, is leaving Facebook. His departure marks another exit of a high-level privacy and security advocate. If Facebook continues to lose those who could better influence the social networking site's worrying views toward user data, what does that mean for the rest of us?
Makers of internet of things devices - especially those that handle health information - must implement protections into their product development lifecycle to effectively safeguard consumers' data, says regulatory attorney Elliot Golding.
Federal regulators are proposing an overhaul to the "meaningful use" electronic health record incentive program. But current program requirements for conducting a security risk analysis would stick.
Incident response is a critical pillar of an effective endpoint security program, one that will gain importance as GDPR enforcement comes into play on May 25. Organizations must be ready to react if and when an incident occurs in order to meet the stringent requirements that apply during an incident.
The New Jersey state attorney general has smacked a medical practice with a $418,000 penalty for a 2016 HIPAA breach involving a vendor's misconfigured server. The case is the latest example of the risks posed by vendors.
Should federal regulators provide physicians with a free pass from having to conduct a HIPAA risk analysis or face a random HIPAA compliance audit if they implement a cybersecurity framework? That's what the AMA is proposing. Security experts weigh in with reactions.
Leading the latest edition of the ISMG Security Report: Ransomware hits the city of Atlanta, Baltimore's 911 system as well as aviation giant Boeing. Plus, WikiLeaks and its Julian Assange get taken for a ride by Russian intelligence.
Federal regulators are considering potential changes to HIPAA privacy rule and enforcement regulations, but aim to first engage the healthcare sector and public for input, says the nation's top HIPAA enforcer. So, what changes are being considered?
Despite the White House's request for deep budget cuts, Congress passed and President Trump signed into law last week flat funding for the current fiscal year for the two federal agencies responsible for health information privacy and security issues, including HIPAA enforcement.
Recent financial reports from three healthcare sector organizations that suffered cyberattacks demonstrate how costly data breaches can be for not-for-profit healthcare providers and for-profit companies alike.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.